Protecting your data while it resides on DISK is critical. For example, if you have DBF files for your TABLES and INDEXES, you should probably encrypt those.

But what about your backups, or exports?

Data Pump has supported Encryption since at least 11g.

And now with Oracle SQL Developer 19.4, it’s very easy to create encrypted EXPORTs and read those back in via IMPORTs.

Data Pump encryption features require that the Oracle Advanced Security option be enabled.

https://docs.oracle.com/en/database/oracle/oracle-database/19/dblic/Licensing-Information.html#GUID-AB56CEE3-955E-4E56-8B44-6075E889C283

Export Options

My password is not a good password, you do better!

Importing

Don’t forget to supply your password before trying to read the DMP file, or you’ll see something like this –

Oh, the dreaded ORA-39174

Easy to fix, assuming you know the magic word. Just go back a screen…

Of course it must match to what you supplied for the Export Job.

Then clicking next, we’ll attempt to read the DMP file so you can see what’s inside of it:

Success!

And if we look at the underlying PL/SQL block…

dbms_datapump.set_parameter(handle => h1, name => 'ENCRYPTION_PASSWORD', VALUE => :ENCRYPTIONBIND );
We’re not showing you the password.

This feature enhancement courtesy our user community!

In particular via Oracle ACE Director Rob Lockard – Rob requested this feature earlier last year. He wrote a book on the topic of Database Security with another ACE Director, so if you’re interested in learning more about security in general with Oracle Database, you might want to give it a look-see. I haven’t read this book yet, so I wouldn’t call this an endorsement, but I CAN endorse both Rob and Osama’s Oracle credentials and excellence overall.

Author

I'm a Distinguished Product Manager at Oracle. My mission is to help you and your company be more efficient with our database tools.

Write A Comment